package org.heart.springsecurity.customAuthenticationProvider;

import jakarta.annotation.Resource;
import org.heart.springsecurity.customAuthenticationProvider.authenticationToken.PhoneAuthenticationToken;
import org.heart.springsecurity.exceptions.CustomExceptions;
import org.heart.springsecurity.mapper.AuthenticationMapper;
import org.heart.springsecurity.springSecurity.AuthenticationUserDetailsService;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
    @Resource
    private AuthenticationMapper authenticationMapper;
    @Resource
    private RedisTemplate<Object, Object> redisTemplate;

    /**
     * Performs authentication with the same contract as
     * {@link AuthenticationManager#authenticate(Authentication)}
     * .
     *
     * @param authentication the authentication request object.
     * @return a fully authenticated object including credentials. May return
     * <code>null</code> if the <code>AuthenticationProvider</code> is unable to support
     * authentication of the passed <code>Authentication</code> object. In such a case,
     * the next <code>AuthenticationProvider</code> that supports the presented
     * <code>Authentication</code> class will be tried.
     * @throws AuthenticationException if authentication fails.
     */
    @Override
    public Authentication authenticate(Authentication authentication) {
        //使用账户密码则直接使用UsernamePasswordAuthenticationToken即可

        //自定义策略或多个策略
        if (authentication instanceof PhoneAuthenticationToken) {
            return authenticatePhone(authentication);
        } else {
            return null;
        }


    }

    /**
     * 手机登入策略
     *
     * @param authentication
     * @return
     * @throws AuthenticationException
     */
    private Authentication authenticatePhone(Authentication authentication) {
        AuthenticationUserDetailsService authenticationUserDetailsService = new AuthenticationUserDetailsService(authenticationMapper);
        //对手机号验证码进行验证
        //使用自定义异常捕获
        if (Boolean.FALSE.equals(redisTemplate.hasKey(authentication.getPrincipal()))) {
            throw new CustomExceptions.CustomPhoneException("验证码不存在或过期");
        }
        Object srt = redisTemplate.opsForValue().get(authentication.getPrincipal());
        if (!srt.toString().equals(authentication.getCredentials().toString())) {
            throw new CustomExceptions.CustomPhoneException("验证码有误");
        }
        UserDetails userDetails = authenticationUserDetailsService.loadUserByPhoneNumber(authentication.getName());
        return new PhoneAuthenticationToken(userDetails, userDetails.getAuthorities());
    }


    /**
     * Returns <code>true</code> if this <Code>AuthenticationProvider</code> supports the
     * indicated <Code>Authentication</code> object.
     * <p>
     * Returning <code>true</code> does not guarantee an
     * <code>AuthenticationProvider</code> will be able to authenticate the presented
     * instance of the <code>Authentication</code> class. It simply indicates it can
     * support closer evaluation of it. An <code>AuthenticationProvider</code> can still
     * return <code>null</code> from the {@link #authenticate(Authentication)} method to
     * indicate another <code>AuthenticationProvider</code> should be tried.
     * </p>
     * <p>
     * Selection of an <code>AuthenticationProvider</code> capable of performing
     * authentication is conducted at runtime the <code>ProviderManager</code>.
     * </p>
     *
     * @param authentication
     * @return <code>true</code> if the implementation can more closely evaluate the
     * <code>Authentication</code> class presented
     */
    @Override
    public boolean supports(Class<?> authentication) {
        return PhoneAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
